Associate Director Policy, Governance, Audit and Compliance

When you join Verizon

Verizon is one of the world’s leading providers of technology and communications services, transforming the way we connect around the world. We’re a human network that reaches across the globe and works behind the scenes. We anticipate, lead, and believe that listening is where learning begins. In crisis and in celebration, we come together—lifting up our communities and striving to make an impact to move the world forward. If you’re fueled by purpose, and powered by persistence, explore a career with us. Here, you’ll discover the rigor it takes to make a difference and the fulfillment that comes with living the #NetworkLife.

The Verizon CyberSecurity (VCS) organization ensures the confidentiality, integrity and availability of technology assets and information across all Verizon networks, systems and applications. VCS integrates cyber security governance, risk, compliance, policies, technologies and operations across Verizon, and works to incorporate security into the design of technology systems and services.

The Cybersecurity Governance, Risk and Compliance (GRC) organization is tasked with improving the security risk posture of information assets through effective contextual risk management, dynamic compliance management and driving improvements through effective end-to-end lifecycle management of policies and standards, as well as automation and effective management of key security controls.

GRC is looking for the Associate Director of Policy, Governance, Audit and Compliance who will be responsible for managing the programs, strategies, and day-to-day activities to support policy management, all compliance-related activities including PCI and Enterprise policy, as well as all audit and governance activities. The Associate Director will be tasked with designing, implementing, and enhancing a governance program to comply with privacy, confidentiality, and cybersecurity-related laws and regulations, and company policies and objectives. 

Primary Responsibilities:

• Establishing an information management and protection framework for an effective enterprise-wide information governance program ("program") and direct day-today activities, including program objectives, policies, procedures, training and communication.

• Identifying information management and protection laws and regulations and implement actions to ensure compliance.

• Effectively representing the organization’s positions and advocate internal and external policy to shape the development of new laws and regulations consistent with company objectives.

• Developing and implementing a compliance monitoring system.

• Coordinating a company-wide assessment process to identify potential risks and control solutions.

• Monitoring actions to identify emerging risks and to close gaps.

• Creating internal partnerships with key stakeholders, such as business information security officers (BISOs), other Cybersecurity teams, technical teams in the business units,  Legal, and Enterprise Risk Management to influence and align business-area actions that are needed to achieve program objectives. 

• Directing actions to ensure external stakeholders, such as suppliers, have policies and practices that are aligned with laws, regulations, and organizational programs.

• Developing and overseeing the formalized programs related to compliance (ViSF, PCI) by evaluating the current landscape of each and developing plans for improved management which will include automation.

• Proactively providing insightful recommendations across the internal environment to improve internal control procedures, increase audit efficiencies, and drive process optimization.

You’ll need to have:

• Bachelor’s degree or four or more years of work experience.

• Six or more years of relevant work experience.

• Experience with cybersecurity risk, compliance, and governance management concepts, cybersecurity frameworks, and security technologies.

• Demonstrated experience designing, managing, and executing large-scale, enterprise-wide projects.

Even better if you have: 

• A degree.

• Excellent verbal and written communication skills with the ability to influence the actions of internal stakeholders and manage relationships with external stakeholders.

• Professional management certification, such as CISA, CRISC, CISM, CISSP, or other related credentials.

• Three or more years of people management experience.

• Sound knowledge of business management and a working knowledge of information risk management, cybersecurity and IT compliance technologies; knowledge and understanding of relevant legal and regulatory requirements.

Scheduled Weekly Hours

Equal Employment Opportunity 

We’re proud to be an equal opportunity employer - and celebrate our employees’ differences, including race, color, religion, sex, sexual orientation, gender identity, national origin, age, disability, and Veteran status. At Verizon, we know that diversity makes us stronger. We are committed to a collaborative, inclusive environment that encourages authenticity and fosters a sense of belonging. We strive for everyone to feel valued, connected, and empowered to reach their potential and contribute their best. Check out our diversity and inclusion page to learn more.